# Security policy

## How we process vulnerability reports

We treat security concerns as a high priority, whether they are raised by our customers or reported by third parties. To limit the possibility that a concern could be exploited, we ask for the opportunity to address security concerns before they are reported publicly. Security concerns can be reported to us privately through the Intercom support button in the bottom-right corner of Dock Certs, or by sending an email to <security@truvera.io>.

Our open source code bases are available for public inspection, and we love pull requests! Upon receiving a security report, we will:

* Triage the security report within 3 business days, and respond to the reporter. The triage will consist of an initial prioritization assessment and identification of next steps.
* Prioritize the fix for an appropriate product release, recognizing that backwards incompatible changes might not be immediately releasable.
* Publicly disclose the vulnerability after a mitigation has been identified or a fix has been released. If such disclosure will take more than 90 days, we commit to discussing the timeline of the disclosure with the reporter.

## How we categorize security incidents

### Severity level: High

Any security breach where confidentiality or information integrity is compromised.

### Severity level: Medium

Identification of a significant security vulnerability with no evidence of it having been exploited.

### Severity level: Low

Other events that impact system security.

## How we communicate about security incidents

Our communication about security incidents will be based on the severity of the incident.

Severity Level High:\
We will proactively notify impacted customers within 72 hours of identification.

Severity Level Medium:\
We will include information about the security concern in the release notes of the product release that addresses the concern.

Severity Level Low:\
No disclosure may be necessary, so communication will be adapted to the specific incident.

